The EU e-Privacy Directive was introduced last year as a way of forcing websites to be more open about the type of cookies they used to track visitors.

Initially there was quite a lot of apprehension as site owners were concerned that they’d be forced to add intrusive pop-ups and make visitors opt in before they could begin using the site.

Thankfully the Information Commissioner’s Office (ICO) took a lenient approach to enforcement and allowed sites to use an ‘implied consent’ measure, which means that they can get away with simply making their cookie policy more prominent rather than explicitly asking users to accept cookies.

Even brands that do explicitly inform users that the site uses cookies generally don’t give an option to opt out, but instead direct people to change the settings in their browser.

Around this time last year I flagged up 20 examples of cookie law compliance, so thought it would be interesting to check back and see how these sites have adapted their approaches, as well as highlighting some other high-profile examples.

Overall the sites tend to take one of three options:

  • Display a massive banner or pop-up that is almost impossible for users to miss, notifying people of the basic details of the cookie policy.
  • Display a discreet notice alerting people to the fact that cookies are used.
  • Do almost nothing at all, simply adding a small hyperlink somewhere on the homepage.

Those with a hyperlink only...

Thomas Cook

Thomas Cook has retained its discreet ‘Privacy Policy and Cookies’ link.

Thomson

Thomson has also seen no reason to update its tiny statement on cookies.

John Lewis

John Lewis has done away with the notice at the top of its homepage, so now the only link is a tiny banner in the footer.

House of Fraser

House of Fraser is one of a number of retailers that just has a small hyperlink to its cookie policy at the top of the screen.

M&S

Last time I checked M&S had a fairly prominent link at the top of its homepage, but this has since been downsized to a tiny text link at the very bottom of the page.

Facebook

Facebook has a teeny, tiny mention of cookies on its homepage. But you really have to look for it.

Those with a discreet banner...

Gocompare.com

Gocompare.com has made its cookie policy notice slightly more prominent, with a grey box rather than a simple text link.

Debenhams

Debenhams’ cookie policy appears at the bottom of the homepage the first time you visit the site. It accentuates the positives, stating that cookies are used in order to deliver a "fabulous" user experience.

Lastminute.com

Lastminute has opted for a discreet yellow banner at the bottom of the screen.

BBC Good Food

The BBC has done away with its intrusive pop-up and replaced it with a simple banner at the top of the homepage. It is a vast improvement on the old version.

The Guardian

The Guardian has opted for a small, concise notification at the top of its homepage.

Those with a prominent banner or pop-up...

The Co-operative Bank

The Co-op bank initially displayed a small ‘Privacy and cookies’ button, but that has since been replaced with a large banner that briefly explains why cookies are necessary.

Santander

Santander has also given its cookie policy more real estate since last year. As with other sites it sells the benefits of allowing cookies, stating that they are used “to deliver superior functionality and to enhance your experience of our websites.”

Games Workshop

Games Workshop potentially has the most imposing cookie pop-up I've come across. You can’t actually enter the site until you agree to accept cookies.

ITV

ITV has opted for a prominent banner at the top of its homepage.

B&Q

B&Q has also made its cookie notification far more prominent. It now has a big, bright banner at the top of its homepage whereas previously it only had a small notice tucked away at the bottom of the page.

ASOS

ASOS has a cookie pop-up that appears in the bottom right-hand corner of the screen. It’s unmissable, but it’s likely that most people will simply click ‘Okay’ just to get rid of it.

How do you approach the issue of cookie compliance? Do you feel a prominent message is necessary? Or, since enforcement has been less strict than expected, is it a bit OTT? 

David Moth

Published 23 July, 2013 by David Moth @ Econsultancy

David Moth is Editor and Head of Social at Econsultancy.

Comments (10)

Martin Sansom

We've been advising many of our clients to take the same approach as John Lewis or Thomas Cook, with a small link to the Cookies Policy either on its own page or within the general website T&C's.

When the law was originally introduced many website owners panicked and introduced heavy-handed or clumsy pop-ups that gave users the option to view the site without cookies. This was seen as ok, as it encouraged users to stay on the site even if the website owner couldn't record what pages they went to or how long they stayed.

However, the enormous drop-off in analytics data that was now available to marketers meant that the potential loss of a few customers by forcing cookies was now becoming an acceptable loss.

If there can be an acceptance of "collateral damage", we now recommend that website owners require users to accept their cookie policy as part of the T&C's of using the website. It also seems that big companies like John Lewis and Asda agree with us, and we're pretty sure that their expensive legal teams have done their research too.

over 3 years ago

Richard Beaumont

I think a number of these companies have taken a risk based approach in their reaction to the law.

They have looked at what the ICO has said about enforcement, and weighed that up against the costs and disruptive impact of change.

There is nothing wrong with this of course, but right now I think it is very difficult to say that any of them are compliant in the strictest sense.

One thing that is often overlooked in commentary is that the ICO website, which ought to be a model for how to comply if ever there was one, offers a button on its cookies page, to delete and prevent the future setting of cookies - an opt-out.

Therefore you have to say that any site which stops short of this, and only offers information, is to some degree falling short of requirements.

over 3 years ago

David Blundell

I've noticed that the most enthusiastic country to action the EU cookie law is actually the UK. It would be interesting to see a survey on the % of sites in other EU countries complying.

over 3 years ago

lawrence shaw

@David B, I'd say those leading across the EU are Denmark currently. They were the first to introduce clear specific standards about the reporting of cookies, along with an online look up tool to allow consumers to check the accuracy of websites.

I know the detail of the technical standard 'very well' as I was contracted to write, I also work for with a number of other DPA's across member states and at the EU.

The standard can be found at [http://erhvervsstyrelsen.dk/cookie-vejledning/0/7] I can offer an English translation, please drop me a note.

@David M - some nice examples, but some as hinted out are not within the actual requirement, or the spirit of the law - Dave Evans from the ICO was very clear about items such as positioning of a link, 'it can not be hidden at the bottom of the footer'

On ASOS for instance (and this is very common across corporate, multi-sites presences) the main site has one method of 'cookie reporting' but across its other sites it has differing methods - BT has at least 4 different ways to advise you / display methods.

It's not easy for corporations to handle this in a consistent way, I'm currently working with a major Life Sciences Corp., some 3600 sites to coordinate.

Also if I may, could I add examples of the likes of the Post Office (www.postoffice.co.uk) and VISA (www.visaeurope.com) differing examples.

over 3 years ago

Dave Wonnacott

We've had varying success at getting our customers to comply. The worst are simply adding a link somewhere innocuous (which really doesn't cut it as Richard B. notes above), but thankfully, they are small websites that probably fly under the radar. The better news is that we convinced one of our larger, much more high-profile clients to go the whole hog with a very clear overlay and user-friendly 'control panel' because they came to see it as a trust issue with their audience. In the year since, there haven't been any significant adverse effects that we can see, and the client has received excellent feedback in a number of site compliance audits. Win-win!

over 3 years ago

Graham Charlton

Graham Charlton, Editor in Chief at ClickZ Global

@Richard The ICO has itself moved to a less strict approach than it originally had: http://assets.econsultancy.com/images/resized/0003/5638/ico_cookie_law-blog-full.png

It now assumes that, if visitors continue to browse through the site, then consent is implied.

Given that this is the ICO approach, I don't see why any other sites should do more than this.

Very few people have complained anyway, which suggests that web users just aren't that concerned: http://econsultancy.com/uk/blog/11373-eu-cookie-law-ico-has-received-just-550-complaints

over 3 years ago

Graham Charlton

Graham Charlton, Editor in Chief at ClickZ Global

@lawrence - the ICO has been fairly inconsistent in its approach, and has refused to define exactly what kinds of messaging is acceptable.

In his interview with me last year, Dave Evans said:

"We don’t know what compliance will look like in a year’s time. There are lots of gaps here, and we want people to fill them with good practice. We can then point to examples of this and everyone will have a greater understanding of what is required."

I think that, if sites are informing users of the cookies used and why, then it's enough for them to decide whether or not they'd like to delete cookies themselves. This is the approach we've taken here.

The examples you mention from Post Office and Visa are both easily missed I'd say.

over 3 years ago

Richard Beaumont

@Graham - yes, they did change from opt-in to implied consent. That was well documented.

But - my point is that the ICO implied consent model, includes a specific opt-out button to stop them using cookies.

That is the element that actually makes their site match their guidance, and that is missing from most of the examples.

I'm not for a moment suggesting sites should do more than the ICO - but at the moment they are doing less, and that is where the risk lies.

That is also why lots of 'advice' to just put a link in a footer to an enhanced information page, and the associated 'the cookie law is dead' messaging from people who should know better, is misleading.

If anyone is going to put themselves forward as an expert - they need to tell people the truth about the law, not just what people want to hear.

over 3 years ago

Graham Charlton

Graham Charlton, Editor in Chief at ClickZ Global

We did write a guide on this, and it was tricky to balance the requirements of the law and the potential threat to businesses of lost business, analytics stats etc caused by stricter cookie solutions.

When the body responsible for policing this, the ICO, has bigger fish to fry, and the reaction from them to any complaints would be to write a letter, then it's hard to advise online businesses to spend time and money implementing cookie law solutions.

If I was starting a website tomorrow, I'd add a prominent link to our cookie policy, which then listed the cookies we used and why, as well as how users could remove them if they wish to. This informs those users that want to know, but doesn't harm the user experience for the rest.

over 3 years ago
